Vulnerabilities > Pepperl Fuchs > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-07-10 CVE-2024-6422 Missing Authentication for Critical Function vulnerability in Pepperl-Fuchs products
An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read, delete and change data.
network
low complexity
pepperl-fuchs CWE-306
critical
9.8
2021-08-31 CVE-2021-34565 Use of Hard-coded Credentials vulnerability in Pepperl-Fuchs products
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials.
network
low complexity
pepperl-fuchs CWE-798
critical
9.8
2021-01-22 CVE-2020-12513 OS Command Injection vulnerability in Pepperl-Fuchs products
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.
network
low complexity
pepperl-fuchs CWE-78
critical
9.0
2020-10-15 CVE-2020-12501 Use of Hard-coded Credentials vulnerability in multiple products
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts.
network
low complexity
pepperl-fuchs korenix CWE-798
critical
9.8